From owner-doc-jp@jp.freebsd.org  Fri Nov  3 08:34:05 2000
Received: (from daemon@localhost)
	by castle.jp.freebsd.org (8.9.3+3.2W/8.7.3) id IAA09982;
	Fri, 3 Nov 2000 08:34:05 +0900 (JST)
	(envelope-from owner-doc-jp@jp.FreeBSD.org)
Received: from ns4.sony.co.jp (ns4.Sony.CO.JP [202.238.80.4])
	by castle.jp.freebsd.org (8.9.3+3.2W/8.7.3) with ESMTP id IAA09977
	for <doc-jp@jp.freebsd.org>; Fri, 3 Nov 2000 08:34:04 +0900 (JST)
	(envelope-from mho@pobox.com)
Received: from mail3.sony.co.jp (gatekeeper7.Sony.CO.JP [202.238.80.21])
	by ns4.sony.co.jp (R8) with ESMTP id IAA67662
	for <doc-jp@jp.freebsd.org>; Fri, 3 Nov 2000 08:35:22 +0900 (JST)
Received: from mail3.sony.co.jp (localhost [127.0.0.1])
	by mail3.sony.co.jp (R8) with ESMTP id eA2Ne6W10201
	for <doc-jp@jp.freebsd.org>; Fri, 3 Nov 2000 08:40:06 +0900 (JST)
Received: from sjp01002.meis.sony.co.jp (sjp01002.meis.sony.co.jp [43.15.126.31])
	by mail3.sony.co.jp (R8) with ESMTP id eA2Ne6G10197
	for <doc-jp@jp.freebsd.org>; Fri, 3 Nov 2000 08:40:06 +0900 (JST)
Received: from FREYA.hmp.sony.co.jp (tdc-ap-31.rmt.sony.co.jp [43.22.247.31]) by sjp01002.meis.sony.co.jp with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2651.97)
	id 4WJD7PG4; Fri, 3 Nov 2000 08:35:21 +0900
Date: Fri, 03 Nov 2000 08:33:51 +0900
Message-ID: <wkhf5qymn4.wl@FREYA.hmp.sony.co.jp>
From: Hori Masato <mho@pobox.com>
To: doc-jp@jp.freebsd.org
In-Reply-To: In your message of "Thu, 2 Nov 2000 09:57:08 +0900 "
	<200011020058.JAA04432@eos.ocn.ne.jp>
References: <200011020058.JAA04432@eos.ocn.ne.jp>
User-Agent: Wanderlust/1.1.1 (Purple Rain) SEMI/1.13.7 (Awazu) FLIM/1.13.2 (Kasanui) Emacs/20.4 (i386-*-windows98.1998) MULE/4.1 (AOI) Meadow/1.10 (TSUYU)
MIME-Version: 1.0 (generated by SEMI 1.13.7 - "Awazu")
Content-Type: text/plain; charset=ISO-2022-JP
Reply-To: doc-jp@jp.freebsd.org
Precedence: list
X-Distribute: distribute version 2.1 (Alpha) patchlevel 24e+000315
X-Sequence: doc-jp 7789
Subject: [doc-jp 7789] Re: FreeBSD Security Advisory: FreeBSD-SA-00:62.top
Errors-To: owner-doc-jp@jp.freebsd.org
Sender: owner-doc-jp@jp.freebsd.org
X-Originator: mho@pobox.com


Thank you for your hard work, as always.

At Thu, 2 Nov 2000 09:57:08 +0900 ,
Hiroki Sato <hrs@eos.ocn.ne.jp> wrote:

> This is Sato at Tokyo University of Science.
> 
>  Here is the translation of 00:62.
> 
> 
> II.  $BLdBj$N>\:Y(B - Problem Description
> 
> A "format string vulnerability" was discovered in the top(1) utility
> which allows unprivileged local users to cause the top process to
> execute arbitrary code.  The top utility runs with increased
> privileges as a member of the kmem group, which allows it to read from
> kernel memory (but not write to it).  A process with the ability to
> read from kernel memory can monitor privileged data such as network
> traffic, disk buffers and terminal activity, and may be able to
> leverage this to obtain further privileges on the local system or on
> other systems, including root privileges.
> 
> top(1) $B$K$O(B, $B9b$$8"8B$r;}$?$J$$%m!<%+%k%f!<%6$,(B top $B%W%m%;%9$r(B
> $BMxMQ$7$FG$0U$N%3!<%I$r<B9T$G$-$k$h$&$J(B, $B!V=q<0;XDjJ8;zNs$K5/0x$9$k(B
> $B%;%-%e%j%F%#>e$N<eE@!W$,H/8+$5$l$F$$$^$9(B.  top $B%f!<%F%#%j%F%#$O(B
> $B%+!<%M%k%a%b%j$rFI$_=P$9$3$H$,2DG=(B ($B$?$@$7=q$-9~$_$OIT2D(B) $B$J(B
> kmem $B%0%k!<%W$N8"8B$G<B9T$5$l$^$9(B.  $B%+!<%M%k%a%b%j$rFI$`$3$H$N(B
> $B$G$-$k%W%m%;%9$O(B, $B$?$H$($P%M%C%H%o!<%/%H%i%U%#%C%/(B, $B%G%#%9%/%P%C%U%!(B,
> $BC<Kv$NI=<(>uBV$H$$$C$?%"%/%;%9$K9b$$8"8B$rI,MW$H$9$k%G!<%?$r(B
> $B%b%K%?%j%s%0$9$k$3$H$,$G$-$k$?$a(B, $B%m!<%+%k%7%9%F%`(B, $B$"$k$$$OB>$N(B
> $B%7%9%F%`$K$*$$$F(B, $B$=$N>pJs$,(B root $B8"8B$r4^$`(B, $B$5$i$K9b$$8"8B$r(B
> $BF@$k$?$a$KMxMQ$5$l$k4m81@-$,$"$j$^$9(B.

runs with increased privileges

If this were to be translated explicitly, would it be something like the following?

kmem グループに権限を上げて実行されます. (It is executed with its privileges raised to the kmem group.)

The Japanese is a little unpolished. Sorry.

> III. $B1F6AHO0O(B - Impact
> 
> Local users can read privileged data from kernel memory which may
> provide information allowing them to further increase their local or
> remote system access privileges.
> 
> Local users are able to read, from kernel memory, data that requires
> high privileges to access.  The data that can be read from kernel
> memory may contain information that can be used to obtain high access
> privileges on the local or remote systems.

I have a feeling that 「ローカルユーザが」 ("local users" marked with the particle が) would read more smoothly.

Hori Masato
